Hi Dennis: Couple of questions present themselves...
1 - Is it OK or expected to sign the jars with the same code signing key as the release "tar.gz" and ".zip" artifacts that I've already generated? I'm fine with doing that. Be aware, however that I've just generated the keys recently, so I'm not in the Apache Web of Trust. I certainly can publish the public keys, however. 2 - Central seems to want the uploaded jars to be named in the like "jsk-platform-2.2.1.jar". We currently don't name the jars that way. Is it a wish or a requirement? 3 - and if it is a requirement, does your Groovy script handle it, or do we need to change the build? Either way, would that be a 2.2.2 release, or do we just re-name and sign the jars? I suspect that there are a few cases (Starter and examples for instance) where we actually have jar names hard-coded into the scripts. I'm not assuming that you have the answers, Dennis, but maybe someone does... Cheers, Greg. On Mon, 2013-04-29 at 20:20, Dennis Reedy wrote: > Hi Greg, > > Sorry for not keeping up with this. I'm trying to work through how to stage > the artifacts for deployment into the staging repository as well. I had sent > this out before, for reference I'll include it here as well: > > Since we are about to deploy River jars to the ASF Jar Repository, I'd like > to make sure that as a project, we understand what needs to happen. Please > review this document: > http://www.apache.org/dev/publishing-maven-artifacts.html > > Since we are not a Maven project, and we do not use Ivy, I wrote a Groovy > script that uses the Maven deploy plugin > (http://maven.apache.org/plugins/maven-deploy-plugin/deploy-file-mojo.html) > to deploy River artifacts. If you want to be able to deploy to the ASF > repository you must configure Maven according to the guidelines in the > referenced document. > > Aside from the various configuration guidelines, of interest is the "Common > Procedures" section as well. I've tested the deployment script, a staging > repository does get created with the artifacts. I have also "dropped" the > repository, since we are not yet ready to release 2.2.1. > > In order for us to release the artifacts we need to sign all the jars that > are going to be published as artifact to the ASF Maven repository. We need to > sign the jars with a PGP signature. Also see > https://docs.sonatype.org/display/Repository/Central+Sync+Requirements > > Regards > > Dennis > > On Apr 28, 2013, at 826AM, Greg Trasuk wrote: > > > Apache River 2.2.1 is a maintenance release based on the Apache River > > 2.2 branch, primarily with fixes that correct incompatibilities with > > Oracle JDK 7. > > > > This is the second call for votes. The first was cancelled due to > > errors found in the release notes. > > > > Candidate Artifacts are available at: > > http://people.apache.org/~gtrasuk/river/2.2.1-rc2/ > > > > Also at that location are text files containing the 'diff' output from > > release 2.2.0, and the output of 'svn log --stop-on-copy' which shows > > all the revisions that were committed since the 2.2.0 branch was > > created. > > > > Voting period will end no sooner than 0000UTC May 2, 2013 (8:00 pm EDT > > Wed May 1, 2013). > > > > As per http://www.apache.org/foundation/voting, Releases require three > > binding '+1' votes, and more +1's than -1's. > > > > Please vote by replying to this thread on the "[email protected]" > > list, with the section below filled out. > > > > If not voting +1, please provide your reasons why. > > ------------------------------------------------------------------------------------- > > > > [ ] +1 : I approve this release > > [ ] +0 > > [ ] -0 : > > [ ] -1 : I do not approve of this release (reasoning attached) > > > > Thanks in advance, > > > > Greg Trasuk. > > > > >
